I recently had a Laptop in the workshop that had a particularly difficult-to-remove Rootkit Virus installed on it.

I couldn’t use the removal tool that I normally use because it isn’t compatible with Windows 8, so I did some research and found a different tool called GMER.

What is a Rootkit Virus?

But before I go on and explain how useful the tool was, I’ll just quickly explain what a Rootkit Virus is.

The name comes from a term used in Unix and Linux Operating Systems, with “Root” referring to a “Privileged” account, or in other words an account with Administrative rights, whilst the “kit” part of the name refers to the software components that implement it. A Rootkit virus assumes admin control of the Operating System and hides its own processes, files and registry entries from the tools that run on it, making it very difficult to detect and remove.

So having found that my usual bag of tricks was not going to work, it was time to find something else.

During my research, I came across a removal tool that I hadn’t heard of before (as previously mentioned, GMER), and I gave it a shot.

To my surprise it was very simple and effective.

I downloaded the Removal Tool and, unlike with many other tools, I didn’t have to rename the executable file to something a potential virus wouldn’t recognise and block from running, because it is already given a random file name at download. It was also a very small file, at 372 KB.

GMER scans for the following:

hidden processes

hidden threads

hidden modules

hidden services

hidden files

hidden disk sectors (MBR)

hidden Alternate Data Streams

hidden registry keys

drivers hooking SSDT

drivers hooking IDT

drivers hooking IRP calls

inline hooks
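Every item in that list is found the same way: a rootkit can only hide something from the view the Operating System presents through its normal APIs, so a scanner takes a second, lower-level view (raw kernel structures, raw disk sectors, the raw registry hive) and reports whatever appears in one view but not the other; hooks are found by checking whether a system call table entry still points into the kernel image that should own it. The following Python script is an added example of that cross-view principle and is not GMER’s code; all the “snapshots” in it (process lists, file lists, registry keys, the syscall table and the kernel address range) are constructed sample data, not captures from a real machine.

```python
"""Cross-view hidden-object and hook detection (added illustration).

A rootkit that hooks API calls filters its own process, file or registry key
out of the high-level view, but a low-level view built from raw structures
still contains it. Anything present only in the low-level view is flagged.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str  # "process", "file", "registry key", "ssdt hook"
    name: str      # identifier of the suspicious object
    detail: str    # extra context for the operator


def cross_view_diff(category, high_level, low_level):
    """Return objects present in low_level but missing from high_level."""
    return [Finding(category, key, str(detail))
            for key, detail in low_level.items()
            if key not in high_level]


def scan(views):
    """views maps a category to a (high_level, low_level) pair of dicts."""
    findings = []
    for category, (high, low) in views.items():
        findings.extend(cross_view_diff(category, high, low))
    return findings


def find_ssdt_hooks(ssdt, kernel_images):
    """Flag syscall entries whose handler address lies outside every
    legitimate kernel image range (a classic SSDT hook indicator)."""
    hooked = []
    for index, (name, address) in ssdt.items():
        inside = any(lo <= address < hi for lo, hi in kernel_images.values())
        if not inside:
            hooked.append(Finding("ssdt hook", name,
                                  f"entry {index:#x} -> {address:#x} outside kernel image"))
    return hooked


# --- constructed sample snapshots (not real data) --------------------------
SAMPLE_VIEWS = {
    # pid -> image name; low-level view carries one process the API view lacks
    "process": (
        {4: "System", 612: "csrss.exe", 1480: "explorer.exe"},
        {4: "System", 612: "csrss.exe", 1480: "explorer.exe",
         2040: r"C:\Windows\Temp\hidden_svc.exe"},
    ),
    # path -> size in bytes; raw directory parse shows an extra driver file
    "file": (
        {r"C:\Windows\System32\ntdll.dll": 1928960},
        {r"C:\Windows\System32\ntdll.dll": 1928960,
         r"C:\Windows\System32\drivers\hiddendrv.sys": 49152},
    ),
    # key path -> notable value; raw hive parse shows an extra service key
    "registry key": (
        {r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip": ""},
        {r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip": "",
         r"HKLM\SYSTEM\CurrentControlSet\Services\hiddendrv":
             r"ImagePath=system32\drivers\hiddendrv.sys"},
    ),
}

# Constructed kernel image range and syscall table (index -> (name, handler)).
KERNEL_IMAGES = {"ntoskrnl.exe": (0x80400000, 0x80600000)}
SAMPLE_SSDT = {
    0x25: ("NtCreateFile", 0x80412340),
    0xAD: ("NtQueryDirectoryFile", 0xF7C01A20),   # points into an unknown driver
    0xBA: ("NtQuerySystemInformation", 0x8043ABC0),
}


def run_sample():
    """Run both checks over the constructed data and return all findings."""
    return scan(SAMPLE_VIEWS) + find_ssdt_hooks(SAMPLE_SSDT, KERNEL_IMAGES)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[hidden {f.category}] {f.name}  ({f.detail})")
```

On a live system the two views would come from, for example, the documented process-enumeration API on one side and a walk of the kernel’s own process list on the other; the comparison logic stays exactly as above. A hidden object is only a lead, not proof of infection (anti-cheat and some security products also hide themselves), which is why GMER shows you the results and leaves the decision to delete to you.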

If a Rootkit Virus is present, you will be notified with a screen that looks like the following:

Removing the identified viruses involves right-clicking on the identified entry and choosing “Delete the Service”.
